Vulnerabilities > Improper Authentication
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-32524 | Improper Authentication vulnerability in Trendmicro Mobile Security 9.8 Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | 8.8 |
| 2023-06-22 | CVE-2023-3326 | Improper Authentication vulnerability in Freebsd pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. | 9.8 |
| 2023-06-19 | CVE-2022-48494 | Improper Authentication vulnerability in Huawei Emui Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 7.5 |
| 2023-06-19 | CVE-2022-48496 | Improper Authentication vulnerability in Huawei Emui Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized. | 7.5 |
| 2023-06-16 | CVE-2023-30223 | Improper Authentication vulnerability in 4D Server 17/18/19 A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. | 7.5 |
| 2023-06-14 | CVE-2023-34367 | Improper Authentication vulnerability in Microsoft Windows 7 Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. | 6.5 |
| 2023-06-13 | CVE-2023-2638 | Improper Authentication vulnerability in Rockwellautomation products Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives. This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. | 5.0 |
| 2023-06-13 | CVE-2023-30762 | Improper Authentication vulnerability in Kbdevice products Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series. | 9.8 |
| 2023-06-13 | CVE-2023-29129 | Improper Authentication vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). | 9.8 |
| 2023-06-12 | CVE-2023-32220 | Improper Authentication vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5 Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. | 9.8 |